“A new group of phishers is trying a new tactic: sending out emails that appear to be in-house – often from the CEO or CFO – asking HR personnel for the W-2 information of employees companywide,” writes Security Intelligence’s Douglas Bonderud. “Since the email looks official and the request seems reasonable, it’s no surprise that several businesses have already been victimized.”

The number of employees targeted at GCI, Snapchat and Mansueto alone is in the thousands, and the scammers are successfully stealing from more businesses each day Worse, W-2 documents contain everything a hacker would need to steal an identity or commit tax fraud, including name, address, social security number and wage information. What’s most troubling here is neither scope nor severity, however – it’s how easily these thefts could be prevented.

No Control, No Security

Businesses should never share sensitive documents without first protecting them. The compromised W-2 information likely would not have been compromised if the companies involved had taken measures to protect and retain control over their shared files. Consider what may have happened if the targeted organizations had secured all employee tax documents with digital rights management (DRM) technology.

After a long day of work, a CFO receives an email with an unusual request: for some reason, the CEO wants access to employee W-2s. The CFO, focused on ending the workday, acquiesces without a second thought, pulling the requested files out of SharePoint en-masse. It’s only after hitting ‘send’ that the CFO realizes they’ve been duped. Without additional protections, they’d have just given the tax records of every single employee in the company to a career criminal. With DRM, however, there are a few ways things might play out:

If the files are sent without copy/paste permissions or as “view only,” the criminals have to extract the information manually – an extremely time-consuming process. The W-2 information is still compromised, but the company has more time to notice and respond to the security breach. Further, the scammers might abandon the protected documents in favor of easier, less-secure targets.

If access to the files is restricted to approved parties, those files can’t be shared or sold by criminal organizations. Even if a criminal downloads a file, the data inside remains protected in an unhackable, encrypted container.

If the scammers somehow gain access to the DRM-protected documents, that access can be revoked immediately upon discovery of the data breach, rendering the documents useless to the criminals.

In order for any of the above scenarios to be realistic, your organization needs a document control solution that integrates seamlessly with its existing repositories. Said solution must also allow you to retain control over your files even when they’re outside your company’s firewall. Most importantly, it needs to be easy to use, enabling collaboration and file sharing without interrupting workflow.

How BlackBerry Workspaces Keeps You in Control of Your Documents

A two-time visionary in Gartner’s EFSS Magic Quadrant, BlackBerry Workspaces addresses the characteristics of electronic data that makes it so easy to steal, fundamentally breaking the basic model of data theft that powers the criminal enterprise. Used to protect the personnel records of organizations such as the U.S. Postal Service and the U.S. Department of Veterans Affairs, it allows you to retain full ownership over sensitive documents no matter who those documents are shared with. It’s able to accomplish this thanks to some of the most robust security and DRM controls on the market:

Files are protected by end-to-end encryption whether at rest, in-transit, on-server or on-device.

DRM controls allow administrators to easily restrict or allow downloading, copying, editing or printing. The protection is applied at a file level, so in the event that an unauthorized individual gains access to a file, that access can be revoked with a single click, even after files have been saved locally.

When a file is taken out of a repository protected by BlackBerry Workspaces, DRM can be applied automatically without requiring additional action by the employee.

BlackBerry Workspaces’ granular logging and reporting tracks every detail of how, where and by whom each file or repository has been accessed. It can also integrate with existing document loss prevention (DLP) solutions. If a suspicious party accesses any sensitive documents, your administrators can take action immediately to protect the information those documents contain.

Don’t Fall Victim

That so many major organizations fell prey to such a simple phishing scam is an embarrassment. But what’s more embarrassing is the fact that none of them had any sort of security solution in place to protect employee information. Had they been using a tool like BlackBerry Workspaces, this story would have played out far differently.

As it is, they’re left with egg on their face and a pile of stolen tax records on the web.

[…] recent IRS phishing scam and the Panama Papers leak have one key characteristic in common: they underscore the need for […]

http://blogs.blackberry.com/2016/06/an-nfl-team-might-have-lost-thousands-of-player-medical-records-4-ways-blackberry-workspaces-could-protect-them/ An NFL Team Might Have Lost Thousands of Player Medical Records. 4 Ways BlackBerry Workspaces Could Protect Them | Inside BlackBerry

[…] an age where digital attacks and phishing scams seem to be a daily occurrence, it’s easy to forget that our data can be put at risk by what […]

The views expressed on any corporate or individual's personal website or any Twitter account are not necessarily those of BlackBerry. The user's Twitter account and/or personal website, any corporate website, or any comments contained on any of the foregoing have not been reviewed by BlackBerry and do not constitute an endorsement by BlackBerry.